The unforeseeable events of 2020, with unplanned, large-scale shifts to remote work, challenged how agencies manage their cybersecurity. As agencies pivoted, employees entered a “new normal” with heightened security measures that sometimes made it more difficult for them to access applications required to do their daily jobs.
Now, with remote work increasing the number of users and devices that must be protected outside their physical borders, it is crucial for agencies to revisit their cybersecurity methodologies and postures.
Going forward, government continuity and efficiently serving citizens depends on agencies’ security and operational effectiveness. For citizens, any obstacles they encounter in government systems can create frustrating delays for products and services like Medicare benefits.
Even worse, malicious actors are ready to pounce on any vulnerability. Today’s cybercriminals are more aggressive and creative than before.
“When your guard is down, you become an easier target,” said Rob San Martin, Vice President of Public Sector at Akamai, a leading cloud security and delivery provider.
With remote workers now relying more on the cloud for application and system access, agencies need a strong cybersecurity methodology to maintain stout defenses on and off premises.
San Martin shared three tips for robust security with cloud-based cyberdefenses:
1. Verify identities
For too long, agencies have trusted their users to be who they say they are. Going forward, San Martin recommended agencies exercise more skepticism when vetting users.
“It is irrelevant if it is a government employee, a constituent or a downstream contractor,” he said. “The identity of that person is the first step to avoiding these attacks.”
San Martin suggested agencies automatically distrust every user or device accessing their data, requiring their identity and permission levels to be verified each time they request access. This philosophy – zero-trust security – can keep cybercriminals away from their sensitive citizen data.
2. Monitor machines
Endpoints are remote computing devices such as laptops that connect to networks. As more agencies work remotely, the number of endpoints has increased dramatically.
“Everybody is starting to watch the machines,” San Martin said. “Is the machine acting like we anticipated, or does it need to be patched?”
3. Upgrade UX
Unfortunately, the more agencies scrutinize their devices and users, the more difficult work can become for their staff. Strict cybersecurity may keep data secure, but it can also become aggravating with multiple logins, authentications and passwords for employees.
Thankfully, cloud services like Akamai’s can help agencies implement zero-trust security without sacrificing quality user experience (UX). Cloud’s flexibility means it can easily support tools like secure login portals that employees can access and use with a single login. Furthermore, cloud can help agencies continuously monitor their networks’ devices and users.
“The overall solution gains strength, ubiquity and actual utility when the government starts to get comfortable with what that access solution is,” San Martin said. “But UX is what it all comes down to.”
This article is an excerpt from GovLoop’s recent guide, “Your Cybersecurity Handbook: Tips and Tricks to Stay Safe.” Download the full guide here.